15,000 USDC
View results
Submission Details
Severity: medium
Valid

Should not revert because of liquidator's health factor

Summary

During the entire liquidation process, the financial health of the liquidator will not undergo any changes.After the liquidation is completed, the financial health of the liquidator will be examined. If the liquidator's account balance is less than the health value, the entire transaction will be rolled back.I believe that even if the liquidator has a bad debt, they should still have the right to conduct liquidations.

Vulnerability Details

Here is my test case:
1.delete update answer to 0 in MockMoreDebtDSC burn function:

function burn(uint256 _amount) public override onlyOwner {
// We crash the price
- MockV3Aggregator(mockAggregator).updateAnswer(0);
uint256 balance = balanceOf(msg.sender);
if (_amount <= 0) {
revert DecentralizedStableCoin__AmountMustBeMoreThanZero();
}
if (balance < _amount) {
revert DecentralizedStableCoin__BurnAmountExceedsBalance();
}
super.burn(_amount);
}

2.Foundry test code:

function testRevertBecauseOfLiquidatorHealthFactor() public {
// Arrange - Setup
MockMoreDebtDSC mockDsc = new MockMoreDebtDSC(ethUsdPriceFeed);
tokenAddresses = [weth];
feedAddresses = [ethUsdPriceFeed];
address owner = msg.sender;
vm.prank(owner);
DSCEngine mockDsce = new DSCEngine(
tokenAddresses,
feedAddresses,
address(mockDsc)
);
mockDsc.transferOwnership(address(mockDsce));
// Arrange - User
vm.startPrank(user);
ERC20Mock(weth).approve(address(mockDsce), amountCollateral);
mockDsce.depositCollateralAndMintDsc(weth, amountCollateral, amountToMint);
vm.stopPrank();
// Arrange - Liquidator
collateralToCover = 1 ether;
ERC20Mock(weth).mint(liquidator, collateralToCover);
vm.startPrank(liquidator);
ERC20Mock(weth).approve(address(mockDsce), collateralToCover);
uint256 debtToCover = 10 ether;
mockDsce.depositCollateralAndMintDsc(weth, collateralToCover, amountToMint);
mockDsc.approve(address(mockDsce), debtToCover);
// Act
int256 ethUsdUpdatedPrice = 18e8; // 1 ETH = $18
MockV3Aggregator(ethUsdPriceFeed).updateAnswer(ethUsdUpdatedPrice);
// Revert Because of Liquidator Health Factor<<<<<<<<<<
vm.expectRevert(abi.encodeWithSelector(DSCEngine.DSCEngine__BreaksHealthFactor.selector, mockDsce.getHealthFactor(liquidator)));
mockDsce.liquidate(weth, user, debtToCover);
vm.stopPrank();
}

Impact

1.If the liquidator has bad debt, the liquidation process cannot be successfully executed
2.The liquidator cannot liquidate their own bad debt.

Tools Used

manul

Recommendations

delete _revertIfHealthFactorIsBroken in liquidate

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.